Establishing and implementing enhanced cyber protections was critical to support thousands of Laboratory employees working remotely. The Cyber Security Operations Center (CSOC) team in LivIT identified two services—CrowdStrike and Proofpoint—that added robust layers of cloud-based cyber security to better protect LLNL’s network as well as the flow of information traveling between employees via email and across the Lab’s servers.
Proofpoint went live on April 1, 2021, and replaced the Lab’s antiquated IronPort email infrastructure. As a cloud-based system, Proofpoint offers improved community-based protections that allow LivIT to rearchitect the flow of email so that it no longer relies on the LLNL network. Lawrence Livermore was the first National Nuclear Security Administration (NNSA) lab to utilize this cloud-based email security tool.
The Lab continues to remove on-premises dependencies for accessing email, shifting over 90% of email traffic to the cloud. By migrating to a cloud service for email protections, employees no longer have to rely completely on on-site resources to access their email, making it more reliable and supportive of business continuity.
CrowdStrike was deployed on April 25, 2021, and protects Laboratory employees’ computers from viruses and malware across Windows, Linux, and Mac platforms, replacing the Lab’s prior protection service. CrowdStrike gives the CSOC team a more comprehensive view into endpoint–employee laptops, desktop computers, and Lab servers without having to connect to LLNL networks, enabling better protections regardless of the network employees are connected to—another first for an NNSA lab. CrowdStrike also enables LivIT to perform automated fixes to remediate issues from anywhere in the world (as long as an employee’s machine has Internet access).
As cloud-based services, implementing CrowdStrike and Proofpoint required particular attention to the secure handling and protection of LLNL data. Data traveling via email or across systems can have a range of sensitivities, and all data transmitted or stored in the cloud must meet handling requirements for each type of data anticipated or processed. After a rigorous months-long assessment, CSOC staff evaluated the results of CrowdStrike and Proofpoint to ensure like-for-like visibility and protections compared to the prior solutions.
“These were large projects that took a long time to research, fund, secure, and deploy,” says Lee Neely, senior cyber analyst in CSOC. “Each service had to be assessed, and we had to obtain an ‘authorization to operate’ from the Livermore Field Office [NNSA’s oversight arm physically located on LLNL’s campus]. But it was an important investment in the Lab’s cyber security, and we’ll continue to use these tools as the new enterprise standards.”